From 519a408e23e7a6bb55d5ef459d107d3869f7b2f8 Mon Sep 17 00:00:00 2001 Message-Id: <519a408e23e7a6bb55d5ef459d107d3869f7b2f8.1377873642.git.jdenemar@redhat.com> From: Eric Blake Date: Wed, 21 Aug 2013 08:16:48 -0600 Subject: [PATCH] migration: do not restore labels on failed migration 7.0: https://bugzilla.redhat.com/show_bug.cgi?id=822052 6.5: https://bugzilla.redhat.com/show_bug.cgi?id=895826 When doing a live migration, if the destination fails for any reason after the point in which files should be labeled, then the cleanup of the destination would restore the labels to their defaults, even though the source is still trying to continue running with the image open. Bug 822052 mentioned one source of live migration failure - a mismatch in SELinux virt_use_nfs settings (on for source, off for destination); but I found other situations that would also trigger it (for example, having a graphics device tied to port 5999 on the source, and a different domain on the destination already using that port, so that the destination cannot reuse the port). In short, just as cleanup of the source on a successful migration must not relabel files (because the destination would be crippled by the relabel), cleanup of the destination on a failed migration must not relabel files (because the source would be crippled). * src/qemu/qemu_process.c (qemuProcessStart): Set flag to avoid label restoration when cleaning up on failed migration. Signed-off-by: Eric Blake (cherry picked from commit e4ddcf09fb3efa4c5014e0c3259a05beb0f719a8) --- src/qemu/qemu_process.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 6a28356..1d8df58 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3467,6 +3467,10 @@ int qemuProcessStart(virConnectPtr conn, * restore any security label as we would overwrite labels * we did not set. */ stop_flags = VIR_QEMU_PROCESS_STOP_NO_RELABEL; + /* If we fail while doing incoming migration, then we must not + * relabel, as the source is still using the files. */ + if (migrateFrom) + stop_flags |= VIR_QEMU_PROCESS_STOP_MIGRATED; hookData.conn = conn; hookData.vm = vm; -- 1.8.3.2